Netgate Discussion Forum

Suricata 'Enable Packet Log'

IDS/IPS
3 Posts 2 Posters 1.6k Views
    JasonAU
    last edited by Nov 29, 2017, 2:20 AM

    Hi community

    I've enabled 'Enable Packet Log' for my WAN interface. Where will Suricata save this file? I found an empty 'packetcapture.cap' in /root, but I think this is from the pfSense utility to capture packets.

    Secondly, what's the quickest way to download the Suricata pcap file, once I find it, onto my Windows machine?

    Brisbane Queensland Australia

      bmeeks
      last edited by Nov 29, 2017, 3:59 AM

      @JasonAU:

      Hi community

      I've enabled 'Enable Packet Log' for my WAN interface. Where will Suricata save this file? I found an empty 'packetcapture.cap' in /root, but I think this is from the pfSense utility to capture packets.

      Secondly, what's the quickest way to download the Suricata pcap file, once I find it, onto my Windows machine?

      All Suricata log files and packet captures will be stored in /var/log/suricata and sub-directories underneath there.

      Bill
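An added example, not part of the original thread or of the Suricata package: a POSIX shell helper that walks the directory named in the answer above and lists files whose first bytes are a pcap or pcapng magic number, so captures are found without knowing their file names. The function names are hypothetical; zero-byte files, like the empty one mentioned in the question, are skipped.

```shell
#!/bin/sh
# Added example (hypothetical helper names): list packet-capture files under
# Suricata's log directory by checking each file's magic number instead of
# guessing its name.
# Usage: find_captures            # or: find_captures /path/to/logs

# Print the capture format of a file, or nothing if it is not a capture.
capture_type() {
    # First four bytes as lowercase hex with no separators.
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;      # classic libpcap, either byte order
        4d3cb2a1|a1b23c4d) echo "pcap-ns" ;;   # nanosecond-resolution libpcap
        0a0d0d0a)          echo "pcapng" ;;    # pcapng section header block
    esac
}

# Walk a log directory (default /var/log/suricata, per the answer above) and
# print "type<TAB>size-in-bytes<TAB>path" for every capture file found,
# including files in sub-directories.
find_captures() {
    dir=${1:-/var/log/suricata}
    find "$dir" -type f | while IFS= read -r f; do
        t=$(capture_type "$f")
        [ -n "$t" ] || continue               # not a capture (or empty file)
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s\t%s\t%s\n' "$t" "$size" "$f"
    done
}
```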

        JasonAU
        last edited by Nov 29, 2017, 8:13 AM

        Thank you!

        Will be using it to teach myself some things.

        Brisbane Queensland Australia
